I’m implementing my own cryptocurrency similar to Bitcoin from scratch in C++ (just for learning and deeper understanding) and had an interesting design question.
My understanding is that the Merkle tree is only for nodes that do not want to download the entire blockchain (“lite nodes”) … so they can be sent a single transaction and verify it by getting the hashes of all previous blocks and a number of hashes logarithmic in the number of transactions within a particular block.
It seems to me you could accomplish something with similar functionality by instead computing the Merkle tree over the entire ledger state. Even with 1 billion accounts, this comes down to 30 hashes to verify a portion of the ledger. You would write the Merkle root of the ledger state to the root of each block node. To verify a transaction you just download the new account value, along with the 30 or so hashes.
Assuming a 20-byte wallet address + 8-byte double for value … we get ~28 GB of data for a billion addresses… doable in memory on beefy modern server hardware.
This is how I am thinking of approaching it in my design — am I missing something critical in the security model here?
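Added example (not the poster's code, and not from any project the post mentions): a self-contained C++ sketch of the state-tree idea in the question, showing the proof a lite node would fetch for one account and the check it would run against the root committed in a block. Everything beyond the post's own description is an assumption of this example: SHA-256 is used as the hash and inlined so the file builds with plain `g++ -std=c++11`; the ledger is a constructed 1000-account sample (`acct-0` to `acct-999`, not real data); the value is serialised as an unsigned 64-bit integer; leaf and interior hashes get 0x00/0x01 prefixes; an unpaired node at an odd-sized level is promoted unchanged rather than duplicated; and `hashLeaf`, `hashNode`, `MerkleTree`, `verify` and `proofBound` are names chosen here. For 1000 accounts the proof is 10 hashes, and `proofBound(1000000000)` comes out at the 30 the post estimates.

```cpp
#include <array>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

using Digest = std::array<uint8_t, 32>;
using Bytes = std::vector<uint8_t>;
// Minimal SHA-256 (FIPS 180-4), inlined so the example builds with no external dependencies.
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
static inline uint32_t rotr(uint32_t x, int n) { return (x >> n) | (x << (32 - n)); }
Digest sha256(const Bytes& in) {
    uint32_t h[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
    Bytes m(in); uint64_t bits = uint64_t(in.size()) * 8;
    m.push_back(0x80);  // padding: a 1 bit, zeros up to 56 mod 64, then the 64-bit big-endian bit length
    while (m.size() % 64 != 56) m.push_back(0);
    for (int i = 7; i >= 0; --i) m.push_back(uint8_t(bits >> (8 * i)));
    for (size_t off = 0; off < m.size(); off += 64) {  // one compression pass per 64-byte block
        uint32_t w[64] = {};
        for (int i = 0; i < 64; ++i) w[i / 4] = (w[i / 4] << 8) | m[off + i];  // big-endian words
        for (int i = 16; i < 64; ++i)
            w[i] = w[i - 16] + (rotr(w[i - 15], 7) ^ rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)) +
                   w[i - 7] + (rotr(w[i - 2], 17) ^ rotr(w[i - 2], 19) ^ (w[i - 2] >> 10));
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f = h[5], g = h[6], hh = h[7];
        for (int i = 0; i < 64; ++i) {
            uint32_t t1 = hh + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[i] + w[i];
            uint32_t t2 = (rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
            hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e; h[5] += f; h[6] += g; h[7] += hh;
    }
    Digest out;
    for (int i = 0; i < 32; ++i) out[i] = uint8_t(h[i / 4] >> (24 - 8 * (i % 4)));
    return out;
}
// Domain separation: leaves get prefix 0x00, interior nodes 0x01, so an interior node can never pose as a leaf.
Digest hashLeaf(const std::string& addr, uint64_t value) {  // value serialised as fixed 8-byte big-endian
    Bytes b{0x00}; b.insert(b.end(), addr.begin(), addr.end());
    for (int i = 7; i >= 0; --i) b.push_back(uint8_t(value >> (8 * i)));
    return sha256(b);
}
Digest hashNode(const Digest& l, const Digest& r) {
    Bytes b{0x01}; b.insert(b.end(), l.begin(), l.end()); b.insert(b.end(), r.begin(), r.end());
    return sha256(b);
}
// Merkle tree over the whole ledger state. An unpaired node is promoted unchanged, not duplicated.
struct MerkleTree {
    std::vector<std::vector<Digest>> levels;  // levels[0] = leaves, levels.back() = {root}
    explicit MerkleTree(std::vector<Digest> leaves) {  // precondition: at least one leaf
        levels.push_back(std::move(leaves));
        while (levels.back().size() > 1) {
            const std::vector<Digest>& cur = levels.back();
            std::vector<Digest> next;
            for (size_t i = 0; i < cur.size(); i += 2)
                next.push_back(i + 1 < cur.size() ? hashNode(cur[i], cur[i + 1]) : cur[i]);
            levels.push_back(std::move(next));
        }
    }
    Digest root() const { return levels.back()[0]; }  // what the block header would commit to
    std::vector<Digest> prove(size_t index) const {   // sibling hashes from leaf `index` up to the root
        std::vector<Digest> sibs;
        for (size_t lv = 0; lv + 1 < levels.size(); ++lv, index >>= 1)
            if ((index ^ 1) < levels[lv].size()) sibs.push_back(levels[lv][index ^ 1]);
        return sibs;
    }
};

// Light-client check: the path shape is derived from (index, n) only, never from flags in the proof.
bool verify(const Digest& root, Digest h, size_t index, size_t n, const std::vector<Digest>& sibs) {
    if (index >= n) return false;
    size_t used = 0;
    for (; n > 1; index >>= 1, n = (n + 1) / 2) {
        if ((index ^ 1) >= n) continue;         // unpaired node at this level: nothing to hash in
        if (used >= sibs.size()) return false;  // proof too short
        h = (index & 1) ? hashNode(sibs[used], h) : hashNode(h, sibs[used]); ++used;
    }
    return used == sibs.size() && h == root;    // reject leftover siblings and any root mismatch
}
// Longest possible proof for n accounts: number of levels above the leaves, i.e. ceil(log2(n)).
size_t proofBound(size_t n) { size_t l = 0; for (; n > 1; n = (n + 1) / 2) ++l; return l; }

int main() {
    // Constructed sample ledger (not real data): 1000 accounts "acct-i" holding 1000*i units.
    std::vector<Digest> leaves;
    for (size_t i = 0; i < 1000; ++i) leaves.push_back(hashLeaf("acct-" + std::to_string(i), 1000 * i));
    MerkleTree tree(leaves);
    std::vector<Digest> proof = tree.prove(777);  // what a lite node downloads next to the account value
    std::cout << "proof hashes: " << proof.size() << ", bound for 1e9 accounts: " << proofBound(1000000000)
              << "\nhonest value verifies: " << verify(tree.root(), hashLeaf("acct-777", 777000), 777, 1000, proof)
              << "\ntampered value verifies: " << verify(tree.root(), hashLeaf("acct-777", 777001), 777, 1000, proof) << "\n";
}
```

Two points the code makes concrete. The verifier never takes direction bits from the proof; it derives which side each sibling goes on from `index` and the ledger size `n`, and it rejects a proof with too few or too many siblings, so a truncated or padded proof fails rather than silently passing an early check. And what a passing check establishes is only that `(address, value)` is a leaf of the tree whose root the verifier was handed; the proof says nothing about where that root came from, so the lite node still has to decide which block header to take the root from.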